this post was submitted on 18 Sep 2023
52 points (96.4% liked)
Explain Like I'm Five
14220 readers
4 users here now
Simplifying Complexity, One Answer at a Time!
Rules
- Be respectful and inclusive.
- No harassment, hate speech, or trolling.
- Engage in constructive discussions.
- Share relevant content.
- Follow guidelines and moderators' instructions.
- Use appropriate language and tone.
- Report violations.
- Foster a continuous learning environment.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I know what a cookie is.
I was asking what are legitimate-interest cookies and what makes them different so they don't need explicit consent under GDPR.
It would help to clarify in the post that you're interested in the legal aspects for the EU under the GDPR.
To answer your question though, on the GDPR website I thought these snippets were the most helpful:
....
....
Edit: Sorry, forgot the ELI5. As long as the website informs users why a cookie is necessary for the website to function correctly, it can be classified as 'strictly necessary' and not require consent. As far as what's "necessary"... that's still being defined and will probably be reviewed on a case by case basis.
It seems you are confusing strictly necessary cookies with legitimate interest cookies, which are different things: https://kbin.social/m/[email protected]/t/466192/-/comment/2427882
I had added the #GDPR tag to the question and, as far as I know, GDPR is the only regulation that requires a cookie consent banner and mentions legitimate interest cookies, but I may be wrong on that as I don't know all the regulations around the world 😃 (and California tends to follow EU's stances on these matters, so I wouldn't be surprised if they were baking something similar to the GDPR if they don't have it yet).
But yeah, you are right, people from many different places around the world could be reading the question, so I must have been clear that this is specific to some local regulation. I edited the post.
Thanks, appreciate it. I definitely misunderstood 'legitimate interest' cookies as 'strictly necessary'. It looks like the laws are vague and still in development. I'm not in the EU but it's been fun diving into this discussion and the laws!
They're different because you can't use the service without them. For example like with an auth cookie.
That's a functional (or "strictly necessary") cookie and those are the ones you cannot reject.
Legitimate-interest cookies are a different thing and you can indeed reject them, but they are on by default.